ISSUE-100: Remove the srcdoc attribute from the HTML5 specification

srcdoc

Remove the srcdoc attribute from the HTML5 specification

The srcdoc attribute does not have universal acceptance, and the group was still
discussing it when the editor added it to the specification, without group consensus.

The supposed use case for this attribute is weblog comments, but concerns about
HTML security have been resolved with weblog and other application comments
years ago. In addition, support for this attribute could give the impression
that online sites don't need any other security, which is false. Script
injection is only one aspect of security related to weblog comments, and
considered a fairly trivial one at that.

Changelog:

The srcdoc attribute does not have universal acceptance, and the group was still
discussing it when the editor added it to the specification, without group consensus.

The supposed use case for this attribute is weblog comments, but concerns about
HTML security have been resolved with weblog and other application comments
years ago. In addition, support for this attribute could give the impression
that online sites don't need any other security, which is false. Script
injection is only one aspect of security related to weblog comments, and
considered a fairly trivial one at that.

The srcdoc attribute does not have universal acceptance, and the group was still
discussing it when the editor added it to the specification, without group consensus.

The supposed use case for this attribute is weblog comments, but concerns about
HTML security have been resolved with weblog and other application comments
years ago. In addition, support for this attribute could give the impression
that online sites don't need any other security, which is false. Script
injection is only one aspect of security related to weblog comments, and
considered a fairly trivial one at that.